#!/bin/sh

set -e

setperm() {
  local user="$1"
  shift
  local group="$1"
  shift
  local mode="$1"
  shift
  local file="$@"

  # Only do something when no setting exists - if it was set, then it's already
  # been unpacked using the appropriate ownership and permissions.
  if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then
    chown "$user":"$group" "$file"
    chmod "$mode" "$file"
  fi
}


# If the package has default file it could be sourced, so that
# the local admin can overwrite the defaults

[ -f "/etc/default/rundeck" ] && . /etc/default/rundeck

# Sane defaults:

[ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/rundeck
[ -z "$SERVER_USER" ] && SERVER_USER=rundeck
[ -z "$SERVER_NAME" ] && SERVER_NAME="Rundeck user account"
[ -z "$SERVER_GROUP" ] && SERVER_GROUP=rundeck

# create user to avoid running server as root
# 1. create group if not existing
if ! getent group | grep -q "^$SERVER_GROUP:" ; then
   echo -n "Adding group $SERVER_GROUP.."
   addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true
   echo "..done"
fi
# 2. create homedir if not existing
test -d $SERVER_HOME || mkdir $SERVER_HOME
# 3. create user if not existing
if ! getent passwd | grep -q "^$SERVER_USER:"; then
  echo -n "Adding system user $SERVER_USER.."
  adduser --quiet \
          --system \
          --ingroup $SERVER_GROUP \
          --no-create-home \
          --disabled-password \
          $SERVER_USER 2>/dev/null || true
  echo "..done"
fi

# 4. adjust passwd entry
usermod -c "$SERVER_NAME" \
        -d $SERVER_HOME   \
        -g $SERVER_GROUP  \
           $SERVER_USER

# 5. adjust file and directory permissions
setperm rundeck rundeck 0750 /var/lib/rundeck
setperm rundeck rundeck 0750 /var/lib/rundeck/work
setperm rundeck rundeck 0750 /var/lib/rundeck/data
setperm rundeck adm 2751 /var/lib/rundeck/logs
setperm rundeck rundeck 0750 /var/lib/rundeck/var
setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp
setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp/pluginJars
setperm rundeck rundeck 0700 /var/lib/rundeck/.ssh
setperm rundeck adm 2751 /var/log/rundeck
setperm rundeck rundeck 0750 /var/lib/rundeck/bootstrap
setperm rundeck rundeck 0750 /var/lib/rundeck/libext
setperm rundeck rundeck 0750 /etc/rundeck
setperm rundeck rundeck 0750 /etc/rundeck/ssl
find /etc/rundeck/ -maxdepth 2 -type f -print0 | xargs -0 chown rundeck:rundeck
find /etc/rundeck/ -maxdepth 2 -type f -print0 | xargs -0 chmod 0640
find /var/lib/rundeck/libext -maxdepth 2 -type f -print0 | xargs -0 chown rundeck:rundeck
find /var/lib/rundeck/libext -maxdepth 2 -type f -print0 | xargs -0 chmod 0644

# 6. set correct owner/permissions for service.log if it already exists
[ -f /var/log/rundeck/service.log ] && setperm rundeck adm 0664 /var/log/rundeck/service.log

DIR=/etc/rundeck
if  ! grep -E '^\s*rundeck.server.uuid\s*=\s*.{8}-.{4}-.{4}-.{4}-.{12}\s*$' $DIR/framework.properties ; then
    uuid=$(uuidgen)
    echo "\n# ----------------------------------------------------------------" >> $DIR/framework.properties
    echo "# Auto generated server UUID: $uuid" >> $DIR/framework.properties
    echo "# ----------------------------------------------------------------" >> $DIR/framework.properties
    echo "rundeck.server.uuid = $uuid" >> $DIR/framework.properties
fi

#setting a random password for encryption
if [ -f "$DIR/rundeck-config.properties" ] ; then
  STORAGE_PASS=$(openssl rand -hex 8)
  sed -i -E 's/^rundeck\.storage\.converter\.([0-9]+)\.config\.password=default\.encryption\.password$/rundeck.storage.converter.\1.config.password='"$STORAGE_PASS"'/' "$DIR/rundeck-config.properties"
  sed -i -E 's/^rundeck\.config\.storage\.converter\.([0-9]+)\.config\.password=default\.encryption\.password$/rundeck.config.storage.converter.\1.config.password='"$STORAGE_PASS"'/' "$DIR/rundeck-config.properties"
fi

